在Amazon Linux 2上,通过Extras Library安装nginx,并使用systemd进行启动
环境
- Amazon Linux 2
总结
-
- Extras Library からインストールする
参照先: https://aws.amazon.com/jp/premiumsupport/knowledge-center/ec2-install-extras-library-software/
systemd を使って起動、及び自動起動の設定を行う
步骤
确认 nginx 存在于 Extras 库中。
$ amazon-linux-extras | grep nginx
38 nginx1=latest enabled [ =stable ]
请确认详细信息。
$ amazon-linux-extras info nginx1
nginx1 recommends nginx # yum install nginx
安装
$ sudo amazon-linux-extras install nginx1
确认版本和编译选项
$ nginx -V
nginx version: nginx/1.18.0
built by gcc 7.3.1 20180712 (Red Hat 7.3.1-8) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
以下是按换行分隔的配置参数。
--prefix=/usr/share/nginx
--sbin-path=/usr/sbin/nginx
--modules-path=/usr/lib64/nginx/modules
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log
--http-client-body-temp-path=/var/lib/nginx/tmp/client_body
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi
--pid-path=/run/nginx.pid
--lock-path=/run/lock/subsys/nginx
--user=nginx
--group=nginx
--with-file-aio
--with-ipv6
--with-http_ssl_module
--with-http_v2_module
--with-http_realip_module
--with-stream_ssl_preread_module
--with-http_addition_module
--with-http_xslt_module=dynamic
--with-http_image_filter_module=dynamic
--with-http_geoip_module=dynamic
--with-http_sub_module
--with-http_dav_module
--with-http_flv_module
--with-http_mp4_module
--with-http_gunzip_module
--with-http_gzip_static_module
--with-http_random_index_module
--with-http_secure_link_module
--with-http_degradation_module
--with-http_slice_module
--with-http_stub_status_module
--with-http_perl_module=dynamic
--with-http_auth_request_module
--with-mail=dynamic
--with-mail_ssl_module
--with-pcre
--with-pcre-jit
--with-stream=dynamic
--with-stream_ssl_module
--with-google_perftools_module
--with-debug
--with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic'
--with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'
请确认启动文件。
$ ll /usr/lib/systemd/system/nginx.service
-rw-r--r-- 1 root root 616 Aug 30 06:40 /usr/lib/systemd/system/nginx.service
$ cat /usr/lib/systemd/system/nginx.service
[Unit]
Description=The nginx HTTP and reverse proxy server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
# Nginx will fail to start if /run/nginx.pid already exists but has the wrong
# SELinux context. This might happen when running `nginx -t` from the cmdline.
# https://bugzilla.redhat.com/show_bug.cgi?id=1268621
ExecStartPre=/usr/bin/rm -f /run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
KillSignal=SIGQUIT
TimeoutStopSec=5
KillMode=mixed
PrivateTmp=true
[Install]
WantedBy=multi-user.target
参考:CentOS 7中systemd的文件夹结构和文件配置
修改默认的单元文件
※ 参考:修改现有的单元文件
由于无法直接编辑保存在/usr/lib/systemd/system/目录中的默认单元文件,因此可以使用以下任一方法进行编辑。
-
- 補助設定ファイルのディレクトリーを /etc/systemd/system/unit.d/ に作成する。
インストール時に /etc/systemd/system/nginx.service.d/ は既に出来ています。
ディレクトリ配下に任意の名前で config ファイルを作成して、それを編集します。
sudo touch /etc/systemd/system/nginx.service.d/nginx.conf
-
- 元のユニットファイル /usr/lib/systemd/system/ のコピーを /etc/systemd/system/ に作成し、そこで変更を行う。
例えば、デフォルトの pid ファイル(/run/nginx.pid)を上書きする場合は、以下のようになります。
[Service]
# When you install nginx from the Extras Library, the pid is configured to /run/nginx.pid.
# It's overwritten here.
PIDFile=/var/run/nginx.pid
ExecStartPre=/usr/bin/rm -f /var/run/nginx.pid
将设置更改更新
systemctl daemon-reload
systemctl reload nginx.service
启动
$ sudo systemctl start nginx.service
确认启动
$ sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-09-01 08:25:29 UTC; 46min ago
Main PID: 4302 (nginx)
CGroup: /system.slice/nginx.service
├─4302 nginx: master process /usr/sbin/nginx
└─4303 nginx: worker process
Sep 01 08:25:28 ip-10-0-1-96.ap-northeast-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal nginx[4295]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal nginx[4295]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
确认行动
$ curl -I localhost
HTTP/1.1 200 OK
自動启动设置
$ systemctl is-enabled nginx.service
disabled
$ sudo systemctl enable nginx.service
$ systemctl is-enabled nginx.service
enabled
尝试重新启动操作系统,确认nginx能够自动启动。
$ sudo reboot
日志
访问日志、错误日志
$ sudo ls -al /var/log/nginx/
total 8
drwxrwx--- 2 nginx root 41 Sep 1 08:25 .
drwxr-xr-x 8 root root 4096 Sep 6 07:53 ..
-rw-r--r-- 1 root root 298 Sep 6 07:59 access.log
-rw-r--r-- 1 root root 0 Sep 1 08:25 error.log
如果更改了由 nginx 启动的用户,则需要采取相应措施。
默认情况下,主进程以root身份启动,工作进程以nginx用户身份启动。
$ ps -ef | grep nginx | grep -v grep
root 9064 1 0 06:26 ? 00:00:00 nginx: master process /usr/sbin/nginx
nginx 9065 9064 0 06:26 ? 00:00:00 nginx: worker process
$ grep nginx /etc/passwd
nginx:x:996:994:Nginx web server:/var/lib/nginx:/sbin/nologin
如果在配置或其他地方指定了一个不同于nginx用户的用户并启动的话,会出现以下的错误。
2020/09/11 12:39:37 [crit] 3504#0: *1 open() "/var/lib/nginx/tmp/proxy/1/00/0000000001" failed (13: Permission denied) while reading upstream, client: 120.51.41.11, server: localhost, request: "GET ..."
在这种情况下,需要递归更改 /var/lib/nginx 的所有者。
$ sudo chown -R <new_user> /var/lib/nginx
新闻日志
$ sudo journalctl -u nginx.service
备忘录(各种指令)
启用/禁用
$ sudo systemctl enable nginx.service
$ systemctl is-enabled nginx.service
enabled
$ sudo systemctl disable nginx.service
Removed symlink /etc/systemd/system/multi-user.target.wants/nginx.service.
开始/停止/重新加载/重新启动
$ sudo systemctl start nginx.service
$ sudo systemctl stop nginx.service
$ sudo systemctl reload nginx.service
$ sudo systemctl restart nginx.service
状态
$ sudo systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2020-09-01 08:25:29 UTC; 46min ago
Main PID: 4302 (nginx)
CGroup: /system.slice/nginx.service
├─4302 nginx: master process /usr/sbin/nginx
└─4303 nginx: worker process
Sep 01 08:25:28 ip-10-0-1-96.ap-northeast-1.compute.internal systemd[1]: Starting The nginx HTTP and reverse proxy server...
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal nginx[4295]: nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal nginx[4295]: nginx: configuration file /etc/nginx/nginx.conf test is successful
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal systemd[1]: Failed to read PID from file /run/nginx.pid: Invalid argument
Sep 01 08:25:29 ip-10-0-1-96.ap-northeast-1.compute.internal systemd[1]: Started The nginx HTTP and reverse proxy server.
重新加载守护程序配置
sudo systemctl daemon-reload
列出单位文件
sudo systemctl list-unit-files --type=service
systemd-modules-load.service static
systemd-nspawn@.service disabled
systemd-poweroff.service static
systemd-quotacheck.service static
systemd-random-seed.service static
systemd-readahead-collect.service enabled
列出依赖项(确认启动顺序)
$ systemctl list-dependencies
$ systemctl list-dependencies -a
systemd-analyze verify 的本地化中文释义
$ sudo systemd-analyze verify /etc/systemd/system/unicorn.service
